Turris OS 4.0.2 is out!

Dear Turris users,

We would like to inform you that we have just released Turris OS 4.0.2 for modular router Turris MOX and Turris Omnia from the RC branch. In this release, which is based on the latest stable release 18.06.05 of OpenWrt, you can find small improvements for Foris interface which was requested here on the forum. There are bug fixes and mostly security updates.

Highlights of this release:

  • When you go to the administration interface Foris and take a look at the About tab, you can find there which branch you are using.

  • We fixed autodection of router address in OpenVPN tab in Foris and added missing hardening package list.

  • Security fixes for php7, mariadb, python2, tcpdump, mariadb, lxc

Full release notes for this release:

* Based on the latest OpenWrt 18.06.5
* added missing hardening package list
* fixed autodetection of router address in Foris OpenVPN
* irssi: updated to version 1.2.2, fix CVE-2019-15717
* sudo: updated to version 1.8.28p1, fix CVE-2019-14287
* bind: updated to version 9.11.13, fix CVE-2019-6477
* openldap: updated to version 2.4.48, fix CVE-2019-13565
* kernel: updated to version 4.14.156
* libpcap: updated to version 1.9.1, fix CVE-2019-1516{1,2,3,4,5}
* tcpdump: updated to version 4.9.3, fix multiple CVEs
* python: updated to version 2.7.17
* php7: updated to version 7.2.25, fix CVE-2019-11043, CVE-2019-11042
* mariadb: updated to version 10.4.10, fix CVE-2019-2974, CVE-2019-2938
* foris: updated to version 100.6
* foris-controller: updated to version 1.0.6
* python[3]-cryptography: fix CVE-2018-10903
* ustream-ssl: CVE-2019-5101, CVE-2019-5102
* unbound: updated to version 1.9.5, fix CVE-2019-18934
* haproxy: updated to version 1.8.23, fix CVE-2019-19330
* lxc: fix CVE-2019-5736
* tor: updated to version 4.1.6
* nano: updated to version 4.6
* libiconv: updated to version 1.16
* enable RTC NVMEM access for Turris 1.x
* luci-compat, lmdb: new packages

When you are using previous release Turris OS 4.0.1, you should be updated to this version automatically, if you are not using approvals. If you do, you can approve it in the Updater tab.

We appreciate any feedback for this release.


does it fix the hanging on reboot issue?


If we both are talking about modular router Turris MOX that it some occasions it doesn’t power on from the restart and in that case, you need to unplug and plug power supply, it is being investigated, and our kernel developers are working on a solution. You can find here a separate thread for it, where you will find a link for a issue, which is created on our Gitlab and where you can check the progress of it.

Yes, we are. Thanks for the link, will follow there.

i get the Errormessage

[string “transaction”]:328: [string “transaction”]:153: Collisions:
• /lib/libustream-ssl.so: libustream-openssl (new-file), libustream-mbedtls (existing-file)

when i try to remove the libustream-mbedtls package i get the message:

opkg remove libustream-mbedtls
No packages removed.
Collected errors:

  • print_dependents_warning: Package libustream-mbedtls is depended upon by packages:

  • print_dependents_warning: luci-ssl

  • print_dependents_warning: These might cease to work if package libustream-mbedtls is removed.

  • print_dependents_warning: Force removal of this package with --force-depends.

  • print_dependents_warning: Force removal of this package and its dependents

  • print_dependents_warning: with --force-removal-of-dependent-packages.

The Package libustream-openssl get following message…

Removing package libustream-openssl from root…
WARNING: You probably just removed a package that was installed as part of a user list or the basic system. This package will return durring the next updater run. We suggest you disable the user list instead.
I remove both packages and the package luci-ssl and after running updater-supervisor again the update is done.

Please config the package libustream-openssl and is depencys…


And what about Turris 1.x? Is this EoL no longer supported router? Thanks a lot.

Installed on Omnia, everything is perfect: WiFi, storage, Data Collection, DNS, ssh and LuCI. Thanks :hearts:

Installed on Omnia. Now finally my MOX NetBoot works! Took a long time, but I am happy. Thanks!

1 Like

OS 3.x is still getting (security) updates, and devs have repeatedly written that support for Turris 1.x in 4.x+ is planned as well.

MOX funguje a lze jej spravovat přes Omnii (Turris OS 3.10.10). MOX se zároveň po aktualizaci sám restartoval bez nutnosti ho odpojit od elektřiny (což bylo ještě u původní verze Turris OS 4.0 třeba).

Dear all (including Viktor, who still spoils English section with Czech replies),
I’d like to ask whether you can advice in two items:

1/ Some time ago, I read that there is ongoing activity in Turris team to publish migration tool TOS3.x -> TOS4.x. At least, I need to migrate smoothly VPN since I hardly can push new VPN keys to all clients simultaneously. I do understand that other customized services can hardly be migrated…

2/ I’d like to test TOS4.x with chance to easily revert back to running TOS3.x, by having dual-boot as described in https://wiki.turris.cz/doc/en/howto/omnia_booting_from_external_storage. Is there any special reason why all steps described in article must be done with serial console access and can’t be done with SSH? Which particular step can’t be done with SSH?

Thanks in advance to both public and TOS team members!

It can be done via ssh but it is not outlined in the documentation. There are threads in the forum of how to go about it. The major difference is changing the boot env variables via fw_setenv -s.
Nonetheless, it is preferable to have a serial cable at hand in case something goes wrong.

One caveat running from other storage than the embedded NAND, if I am not mistaken, is that the LED rollback with the hardware reset button works only with the embedded NAND storage.